2 matches found
CVE-2018-15875
Cross-site scripting XSS vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request...
CVE-2018-15875
The CVE concerns D-Link DIR-615 routers (version 20.07) with an XSS in the UPnP AddPortMapping SOAP request. The root cause is that the description field can be manipulated to inject JavaScript into the router’s admin UPnP page (Advanced→UPnP). Connected sources (CNVD-2018-16522, NVD entry) confi...